The EU General Data Protection Regulation is a new privacy regulation that will affect every global organization. Find out what GDPR is all about, why it is so important and what we as Security professionals should be doing to be prepared for this regulation.
Michael Mettenheimer, Vice President of Security and Privacy Solutions, Oracle
Michael Mettenheimer is the Vice President of Security and Privacy Solutions at Oracle, with more than 12 years' experience in the security industry. Michael has the privilege of traveling around the US and Canada, working with organizations to understand and help solve the business challenges they face around security. Prior to joining Oracle, Michael was the Global Identity Management Evangelist for Sun Microsystems. During this time Michael worked with many global organizations to help solve their identity and access management business challenges.
Michael Mettenheimer earned a BS in Commerce and Engineering from Drexel University.
Many organizations now face the need to comply with multiple cybersecurity regulations. For instance, health insurance companies must comply with HIPAA and, if they operate in New York State, must now also comply with 23 NYCRR 500. Implementing policies and procedures for both can be expensive and cumbersome. If the organization must also comply with other standards, such as PCI or SOX, it can become near impossible. In this presentation Dawn and Alan will present on how one can take a “Rosetta Stone” approach to these regulations and translate them into existing cybersecurity policies which, in turn, can be implemented through standard procedures. Once the translation between the regulation and the cybersecurity control is defined, well-established audit processes exist to measure compliance. This allows organizations to have only one set of policies and, perhaps more importantly, just the policies they need to comply with all the regulations that govern their conduct.
Alan Winchester, Partner, Harris Beach, PLLC
Alan is a partner of the law firm Harris Beach PLLC. He is leader of the Cybersecurity Protection and Response practice. Alan helps organizations develop and implement compliance programs for critical information and systems. His work includes offering guidance on legal and regulatory requirements associated with the storage of protected information and on what to do in the event of a data breach, developing and implementing information security incident response plans, working with IT professionals to investigate the scope of a data breach, and representing organizations faced with either government investigations or private actions associated with cybersecurity loss. He is a frequent speaker and publisher on cybersecurity issues.
Dawn Russell, Manager of Information Security, Harris Beach, PLLC
Dawn is manager of information security for Harris Beach where she develops, establishes, and maintains standards, procedures, guidelines, and policies to promote and support the security of computer systems at the firm and its ancillary businesses. She works closely with IT to identify, implement, and test security and related controls. She also develops governance programs for client data to meet requirements relative to security of protected information. Dawn is a member of the Cybersecurity Team and is an ISACA Certified Information Security Auditor.
Join me for a case study on a data breach, as we explore the basics of Data Privacy: What it is, what it isn't.
Brandan Keaveny, Ed.D., CIPM
Dr. Brandan Keaveny is currently the principal consultant/founder of Data Ethics LLC, a consulting firm that builds on his 17 years of collective experience as a school district administrator, college professor, and teacher of students with special needs. As a school district administrator at the levels of director and chief officer for accountability in two urban school districts, Dr. Keaveny groomed and built teams of professionals with varying degrees and areas of expertise in analytics and data governance to drive the strategic vision of the districts he served. In addition to his experience as a practitioner, Dr. Keaveny earned his Doctorate in Education in Educational Leadership from the University of Rochester and has earned the ANSI-accredited designation of Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP). Dr. Keaveny currently serves as the founding chair of the International Association of Privacy Professionals' KnowledgeNet Chapter for the Rochester, NY area.
On September 13, 2016, the New York State Department of Financial Services published draft regulations addressing cybersecurity and related business continuity issues for its more than 3,000 regulated entities in the state. On Dec 28, 2016, DFS came out with revisions. These regulations, written for financial institutions and insurance companies, are just as pertinent to any organization that wishes to have resiliency.
The New York State Department of Financial Services has modified its proposed cyber security regulations and delayed their start date by two months. The proposed regulations are now slated to go into effect on March 1, 2017, with a 180-day compliance window.
According to Governor Andrew M. Cuomo, these are “first-in-the-nation” regulations “designed to protect New York State from the ever-growing threat of cyber-attacks.” They “require banks, insurance companies, and other financial services institutions regulated by the State Department of Financial Services to establish and maintain a Cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.”
Michael C. Redmond, PhD, MBA, MBCP, FBCI, CEM, ISO certifications, is serving as lead strategic consultant on the IT consulting team at EFPR Group (www.efprgroup.com). She is a recognized international consultant, auditor, speaker, author, and trainer. She has helped international organizations create great Cyber Incident Response (CSIRT) programs, plans, and playbooks; security information and event management (SIEM) programs; and compliance programs. Redmond has two books coming out this year on cyber security and business continuity. Redmond has a “BASIC CYBER SECURITY” audio training series and workbook, for which Disaster Resource Guide grants six continuing education units.