PAST EVENTS

Data Breaches:  Defending Against and Responding To

 

Strategies to help your organization prepare for, defend against and respond to breaches.

 

May 2, 2019

 

9:00am-5:00pm

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

      

Overview

 

It is not a matter of if, but when your organization will be breached. Against these threats, enterprises try to build higher and more secure walls around their data and networks. This seems to be a never-ending arms race, as even the most sophisticates systems may, before long, present weaknesses that malicious technology can overcome.

What You Will Learn

 

In this one day conference attendees will learn:

  • Today’s Cyber Threats – What Keeps Me Up at Night
  • Duty of Care Risk Analysis: “Getting Consensus From Legal, Information Security, and Executive Management.”
  • Is it an Incident or a Breach? How to Tell and Why it Matters
  • “No More Soft Chewy Centers” – Applying Zero Trust to Prevent and Respond to Breaches In Today’s Data Centers and Clouds
  • Cyber Security & BC/DR: Recovering from Ransomware & Breaches
  • Data Breach – How Do You handle? How Do You Respond?
  • Breaches & Ransomware: How to Handle, How to Respond

 

Conference Price: $289.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Conference Program

8:00am – 8:30am: Registration and Continental Breakfast

8:30am-9:20am:  Today’s Cyber Threats – What Keeps Me Up at Night

 

Alex Holden, Founder & CISO, Hold Security

 

Insider look at current events in cyber security and what is in store for the future. What are the most common threats? How to respond to the breaches that seemingly ambush us every day? This technical and insightful overview is a glimpse of hope in an otherwise chaotic cyber world.

 


Holden

9:20am-10:10am: Third Party Assessment Prioritization: “Vendor Tiering and Due Diligence Levels”

 

Ken Squires, CISSP, HCISPP, CISA, CRISC, ISO 27001 AUDITOR, Principal Consultant, HALOCK Security Labs

 

How do you balance limited resources with assuring 3rd party provider security?

 

  • Vendor Information Gathering
  • Inherent Risk Profiling
  • Categorizing Vendor Tiers
  • Setting acceptable levels of due diligence
  • Remediation and Acceptance Process
  • Vendor Oversight

 

10:10am -10:40am: Refreshment Break

10:40am-11:30am: Is it an Incident or a Breach? How to Tell and Why it Matters

 

Ryan F. O’Halloran, Vice President of Managed Services, Access One, Inc.

 

How you determine whether it is an incident or a breach that may or may not involve the exposure of sensitive customer data will determine, among other things:

  • Which organizations should get involved
  • What actions should be taken
  • How it will be resolved
  • If notification required
  • Who? When? How?

 

How you respond will determine can minimize the monetary, regulatory, and reputational damages and risks to you, your enterprise, and your customers.

 


O’Halloran

11:30am-12:20pm: Protecting Data The Way We Protect Money

 

Doug Wick, VP Product & Marketing, ALTR

 

In today’s digital world, data is as valuable as money. Yet while organizations have evolved processes and technologies for understanding the flow of money and for keeping it protected, they haven’t done the same for data.

 

Just as financial statements deliver the “truth about money”, organizations need a better understanding around the truth about data. Just as access to money is restricted and limited, organizations must govern access to data. And just as money is protect in a vault, so data must be protected in place when it is not being used.

 

During this presentation we’ll cover . . .

  • Challenges in today’s virtualized environment
  • A modern architecture for protecting data like money: The View, Valve & Vault
  • The “balance sheet and income statements” for data
  • Next-generation organization for data monitoring, governance, & protection

 


Wick

12:20pm – 1:10pm Luncheon

1:10pm-2:00pm: “No More Soft Chewy Centers” – Applying Zero Trust to Prevent and Respond to Breaches In Today’s Data Centers and Clouds

 

Dave Klein, Senior Director of Engineering and Architecture, GuardiCore

 

In this interactive discussion we will answer:

  • How we can begin to apply rolling zero trust processes to modern heterogeneous and DevOps?
  • Are most large data center attacks feats of amazing skill or merely taking advantage of easy to break “low hanging fruit”?
  • What are basic hygiene best practices?
  • How can DevOps based automation help?
  • What are the appropriate rolls of Firewalls?
  • What are the techniques to achieve better visibility?
  • What are existing and newer methods of segmentation that can be utilized?

 


Klein

2:00pm-2:50pm:  Cyber Security & BC/DR: Recovering from Ransomware & Breaches

 

Richard Diver, Cloud Security Architect, Insight

 

Seasoned practitioners are aware that BC/DR practices can reduce the cost of cyber breaches. But breaches will still occur and they will happen with greater frequency. How do you leverage all that DR/BC can offer to reduce the risk and mitigate the effects?

 

In this session attendees will learn:

  • How DR/BC teams can work together more effectively to plan for a breach
  • How you can improve recovery times from a breach
  • How to strengthen the resiliency of your infrastructure to reduce the risk if these incidents

 


Diver

2:50pm-3:20pm: Refreshment Break

3:20pm-4:10pm: Data Breach – How Do You handle? How Do You Respond?

 

James Mountain, Director of Information Security, Information Technology, Palmer College of Chiropractic

 

Incident response professionals and big data show us that organizations who are hit with cybersecurity breaches are woefully unprepared. Incident response plans get the most attention as a preparedness step, but when basic capabilities such as asset inventories, log management, and risk analysis are not in place, forensics specialists have a very hard (expensive) time investigating, containing, and recovering from incidents.

 


Mountain

4:10pm-5:00pm:  Breaches & Ransomware: How to Handle, How to Respond

 

Moderator:
Steve Shelton, RSM, Avanan
Panelists:
Neal Bridges, Director, Global Incident Response & Threat Management, Abbott Laboratories
Leon Ravenna, Chief Information Security Officer, KAR Auction Services, Inc.
Fred Kwong, CISO, Delta Dental of Illinois
and other CISOs/Security Directors

 

In this session, attendees will learn from CISOs and Security Executives as to how they are working through the challenges of Data Breaches and Ransomware.

 

               
Bridges       Ravenna     Kwong        Shelton

Conference Price: $289.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

 

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

CONFERENCE CO-SPONSORS