2017 Spring Training: Information Security, Prevention and Audit

Event on 2017-04-26 07:30:00
Spring Training

A 16 CPE Event in Portland, Oregon focusing on Information Security, Prevention, and Audit. The event will take place over two days, Wednesday, April 26th and Thursday the 27th. Continental Breakfast, Coffee, Lunch, and Snacks provided!

When: Wednesday, April 26, 2017 – Thursday, April 27, 2017
See agenda below

Where: OREGON ZOO Education Facilities, 4001 Southwest Canyon Road, Portland, OR 97221

CPE: 16 CPE

Cost:
Early Bird Pricing: Before 3/15/17: ISACA Member: 5 Non-ISACA Member: 5
Regular Pricing: After 3/15/17: ISACA or IIA Member: 0 NonMember: 0

Topics:

Day 1: 5 Sessions: Various Presenters

1) Keynote: Hard or Soft Boiled… It's still an egg: Melissa Martin
Data, Data, Data, Facts, Reports and Evidence. These are the hard artifacts obtained during an audit. But what are we missing by not employing the soft skills and using interpersonal communications to gain insights, access and build rapport?

2) The Evolving Role of the FBI Cybersecurity Division: FBI

3) Privacy by Design: Madeline Zamoyski
Regulators have long touted the importance of incorporating "privacy by design" but it isn't always clear what that entails. This session will present the seven foundational principles of “privacy by design” and review how the FTC interprets the privacy by design principles. Real-world examples will be used to foster discussion on some of the challenges in incorporating these principles and how others have addressed them.

4) A Microservices Security Mindset: Kim Green
How well do you understand microservices security? Unfortunately, too many security professionals struggle with the new challenges and risk associated with microservices architecture. Microservices is not just about development and deployment – it is about security, which is why governance is critical for the success of microservices in any business.
This presentation will provide the audience with a practical approach to better understanding microservices security and identify the necessary steps to securing their company’s microservices applications.

5) Cybersecurity Panel: Port of Portland
Case Study report out from the Port of Portland. Panelists will share lessons learned from the Port's recent efforts to implement Cybersecurity and some of the legal and operational challenges and considerations.

Day 2: 4 Sessions by John Gatto

6) Outsourcing and the Need for Supplier Audits
Why and How companies use third party suppliers. Outsourced or Vendor, the risks involved and what audit should be doing. This session will explore:
- Understanding security and privacy risks for Outsourcing.
- Contract elements
- Minimum security requirements that should be put in contracts
- Supplier Audit techniques

7) Auditing Disaster Recovery / Business Resumption Planning
Key considerations and the 10 critical actions auditors need to address when reviewing DR plans and approaches. This session will explore:
- The seven key categories within the DR plan that need to be in place and reviewed
- The makeup of a DR Plan / Exercise
- Audit focus points during the review
- Risk identification and mitigation
- Learn the benefits of doing a DR review
- Know how Business Continuity and DR are interweaved

8) Auditor’s Role in System Development
The Role of the auditor in the SDLC process. This session covers:
- Understanding the various phases of the SDLC
- Utilizing a risk approach to identify high-risk projects
- The benefits of being involved during the project life
- Various reporting mechanisms
- Time allocation by risk area
- Value add process for selecting the applications that pose the greatest risk to the company, along with the time allocation, audit steps, and reporting requirements

9) Crisis and Change Management – Internal Audit Involvement
Auditor role during crisis management and organizational change management.
Key areas in this session include:
- Definition: Reputation Integrity & Crisis
- Crisis Management Planning
- Crisis Management Execution
- Audit’s Role
- Definition: Organizational Change Management
- Impacts on the organization
- What may be needed from Internal Audit

Presenters:

Keynote: Melissa Martin
Melissa Martin is an accomplished instructor and consultant for effective workplace interaction. Facilitating group learning is her passion and she thrives on watching participants realize their individual and team potential. Her goal with every encounter is to help people create a more cohesive work environment. Participants have appreciated her activity and discussion-based facilitation style that allows them to internalize the material for more individualized results. Participants learn to celebrate their own strengths and how to bring out the strengths of their team members. In addition to academic achievements, Melissa’s certifications include:
- Everything DiSC
- Crucial Conversations
- Bridges out of Poverty
- The Five Behaviors of a Cohesive Team
- Parent Leadership Training Institute
- Development Dimension International
Melissa uses the above curriculum and her own research to customize training and has provided training and education to organizations in the academic, volunteer, governmental and private sectors.

Kim Green, Zephyr Health
Kim is the Founder and Chief Executive Officer of KAZO Security. Prior to starting KAZO, she served in several CISO roles, including Zephyr Health and Bosch Healthcare division, where she oversaw company enterprise and product security programs. She also serves as an advisor to Authentic8, Net switch, Cyber Defense Group, Bugcrowd and US Market Access Center. With over 20 years’ experience in both private and public healthcare sectors, Kim has consulted federal and state government healthcare agencies and private companies on security and privacy best practices. Kim routinely speaks on security and privacy topics.
In 2013, she spoke to the European Commission in Brussels on behalf of the European Union Health Information and Communication Technology Trade Association regarding the General Data Protection Regulation, which goes into effect in 2018. Kim studied computer software engineering and computer information systems at Brandeis University and Cal Lutheran University. She also served in the United States Army and was awarded the Army Achievement Medal.

Madeline Zamoyski
Madeline Zamoyski is a product and privacy attorney who has worked in tech for the past 8 and a half years. After six years working in some of the best law firms in the California Bay Area, she moved in-house, first working for LinkedIn and now New Relic. She is passionate and excited about intellectual property and privacy law since it continues to develop and transform as the technology in our lives develops and transforms.

John Gatto
John Gatto was with Health Care Service Corporation (HCSC) in Chicago, IL from December 2005 until his retirement in January 2015. He was the Divisional Vice President, Audit Services and was responsible for all aspects of IT Audit for the five Blue Cross Blue Shield Plans comprising HCSC (Illinois, Texas, Montana, New Mexico and Oklahoma) and encompasses NAIC / MAR compliance and testing, risk based audits, advisory engagements for new development projects, coordination of SOC-1 and SOC-2 reviews and E&Y Year-End Financial Audits. John was a member of a number of Steering Committees within the IT area of HCSC. Prior to HCSC, John worked at Federal-Mogul in Michigan as the SOX coordination supervisor, Avery Dennison in California as a Project Manager, and spent 13 years with Horizon BlueCross BlueShield of New Jersey, where he was Director of Systems Audit, Customer Audit and Operations Audit. John has over 45 years of audit experience, most of it in the IT Audit arena. He is a CISA and CRISC and has his MBA from Fairleigh-Dickinson University in New Jersey.
John is a frequent speaker for the BCBSA, IIA and ISACA organizations. In 2010 he was named “Educator of the Year” by the Chicago Chapter of the IIA. Since retiring, John has spoken at the Southeastern and Southwest Intergovernmental Audit Forums, the ISACA CACS Conference and at the ISACA Chapters in South Carolina, North Carolina, Harrisburg, New Jersey and Central Florida. He is focusing on speaking on a range of topics such as PCI, BYOD, Disaster Recovery, etc. Descriptions of these sessions are available upon request.

We hope to see you there!

at Oregon Zoo Amphitheater
4001 SW Canyon Road
Portland, United States
