8:30am - 4:30pm (Registration opens at 8:00am)
Cybersecure Your Business: View from the FTC
Charles Harwood, Director of the Federal Trade Commission’s Northwest Regional Office
Companies that consider data security from the start, by assessing their options and making reasonable choices based on the nature of their business and the sensitivity of the information involved, can significantly reduce exposure to data loss and compromise. From information collection policies and product design through training, transmission, storage, monitoring, and disposition, planning is fundamental to managing data risks. Law enforcement actions by the FTC and other agencies provide important guidance concerning the risks companies should consider in their planning and risk assessment exercises. This talk will use examples from more than 60 FTC data security-related law enforcement actions to help you think about common risks and reasonable responses.
Be Heard in the C of Priorities
James Habben, Forensics Investigator at Verizon
There are a lot of projects demanding resources from executive leadership. Information Security is an important initiative and we need to make sure we work within the needs of the business and effectively communicate the risks and solutions. Make sure your requests are heard.
Security Breaches - A Survival Kit
Dhanesh Gandhi, Senior Specialist at KPMG Cyber Practice; Steven J. Morrison, Director, KPMG Cyber Response Services
As many organizations are recognizing and experiencing first-hand, cyber-attacks are no longer a matter of if, but when. Recent cyber breaches at major corporations highlight the increasing sophistication, stealth, and persistence of cyber-attacks that organizations are facing today. Join our discussion where KPMG shares insights on themes such as what ground zero on the day of a breach looks like and what strategies organizations need to implement to mitigate the impact of future breaches in a chaotic environment.
Reconnaissance - What hackers do to prepare for an attack
Trey Blalock, Owner of Verification Labs
Techniques used by attackers operating at different scales to scope out a company’s Internet presence, identify the location of critical assets, locate third-party connections, identify weaknesses in systems, and then exploit these weaknesses in a variety of ways. Specifically, this talk will showcase the vast amount of information available to attackers which allows them to continuously map an organization's attack surface and find areas of opportunity.
Automating Defenses, Incident Response, and Forensics
Trey Blalock, Owner of Verification Labs
A discussion of the problems with traditional security deployments and how automating responses to attacks can make a huge impact on what attackers can do, radically increasing the effort required to compromise systems and steal data. This is followed by a walk-through of how to automate incident response across an entire environment, including a discussion of automated forensics.
Finding the Weakest Security Link
Joan Ross, President of CISO Advisory Services
Business networks are complex ecosystems that are constantly interconnecting. Assets are now spread out far and wide, increasing the difficulty for the security team to understand and evaluate the protections in place. Security industry expectations are that organizations are routinely applying security management frameworks to identify the weak links, but security teams experience significant challenges in not only accomplishing their priority tasks, but in managing the expectations from limited budgets compared to burgeoning business operations. In this session, we’ll discuss:
· The Big 10 areas of cybersecurity weakness that security professionals struggle with 24/7/365.
· The laser focus necessary to deter, defend, and develop resilient security improvements to stay ahead.
· The ethical challenges security teams at times face from executive expectations – it’s never perfect security.
· Five initiatives every security team should lead their organizations in putting in place.
· The importance of security mentorship – how to build strong teams and bring others into the profession.
8:30am - 4:30pm
will be HAS BEEN breached. Now what?
Sean Murphy, CISO at Premera Blue Cross
The frequency and impact of data breaches in the healthcare industry show no signs of slowing. Most realize the issues have moved past, “It is not if, it is when.” Today, the question has become, “when is now, so now what?” Join us for a keynote discussion on the best practices in data breach response and recovery. How an organization prepares for an event will determine the impact on an organization both in the short-term and the long-term. Customer experience, reputation repair, and some financial bottom line data are directly related to prompt and effective response and recovery. Incident response has quickly become an important measure of cybersecurity due diligence. The best time to prepare for the data breach is last year…the next best time is today. Attendees will benefit from personal experience, lessons learned, some of which are recounted in Sean’s book, “Healthcare Information Security and Privacy,” and other industry best practices shared in this relevant and timely presentation.
Protecting Critical Assets in the Information Age
Ilanko Subramaniam, Director of Risk & Data Protection Services at Templar Shield
What is the most complex enterprise risk faced by an organization of this era? Why are companies more interested than ever in understanding and protecting their crown jewels, their information? Information assets are more valuable than before. This presentation will detail the risk of losing your information assets, including the data on your customers and third parties. Information assets are more valuable and critical to the continued operations of your organization. We will explore industry practices in leveraging security and privacy programs and tools to address emerging risks related to potential data breach and help create focus on “when” and not “if”.
Bryan Marlatt, Director KPMG Cyber Practice
We see in the news, on a regular basis, how companies are getting hacked and how they may have prevented the loss of business partner, client and/or consumer data. Many times the attack may have been prevented or the loss of data may have been minimized. KPMG will show how they work with their clients to prepare for an attack and what to do if an attack does occur.
Cybersecurity Simulation 2.0: Managing Today’s Crisis for the Enterprise
Aravind Swaminathan, Global Co-Chair of Orrick’s Cyber, Privacy and Data Innovation practice
Jason Smolanoff, Senior Managing Director, Global Practice Leader Cyber Security and Investigations at Kroll
A four-hour simulated cybersecurity incident.
Legal and PR/communications experts have created a hypothetical cybersecurity data breach, ripped right from the current data breach headlines. Designed to mimic the way that a typical data breach incident unfolds, our tabletop exercise will begin with a basic factual scenario (e.g., FBI contact about employee personal data on the dark web; a blog post speculating about a potential security incident, customer complaints of identity theft or fraud). Then, over the course of the exercise, our facilitators will inject new facts into the situation, and give participants a chance to discuss response measures, tactics, and strategies. Our facilitators will guide participants, highlighting best practices and potential pitfalls based on their experience responding to hundreds of similar incidents over the last three years. At the conclusion of the exercise, the facilitators will provide comments and critique of the participants, and offer additional insights into breach incident response.
See you there!
Puget Sound Chapter Board
May 15, 2018: Annual General Meeting
Topic - TBD
Location – Columbia Tower – Downtown Seattle
11:30 am – 1:00 pm