** All topics and speakers are tentative **
Why is Cybersecurity so Hard?
Bryan Pryor, Vice President, Sales & Marketing, The AME Group (formerly Integrity IT) -INVITED-
Jennifer Erena, Sales & Marketing Coordinator, The AME Group (formerly Integrity IT) -INVITED-
We’ll discuss why cybersecurity is still so hard for business; why cybercriminals are getting better; and why email is still the #1 threat. We will provide examples of basic security still being ignored. There will be an exploration of cybersecurity products that are meant to help but actually are causing confusion and sticker shock. The ever-growing compliance standards will be discussed and their impact on turning cybersecurity into a check box exercise instead of improving security. Also, we will explore the immature state and lack of standards in reporting cybersecurity metrics that prevent us from measuring our investment in security to even know if our security controls are working. A summary of practical tips meant to simplify these problems will be presented.
Cybersecurity Trends and Security Assessment Best Practices
Gui Cozzi, Cybersecurity Practice Lead, Dean Dorton Allen Ford, PLLC -INVITED-
Michael Gilliam, Cybersecurity Services Manager, Dean Dorton Allen Ford, PLLC -INVITED-
We will review the 2019 cyber threat landscape and discuss why cyber security is a growing risk for organizations of all sizes across all industries. We will learn about who the threat actors are, what their motives are, what organizations are being targeted, and what are the commonalities and trends behind the recent data breaches? In order to protect themselves, organizations have to understand what their risks are and how to manage them. Conducting a thorough and meaningful assessment is a fundamental step to achieve these objectives.
The Data Breach Bootcamp
Dana Howard, CIPPP/US, Privacy Law Attorney, Stoll Keenon Ogden PLLC -INVITED-
Jessica Middendorf, Privacy Law Attorney, Stoll Keenon Ogden PLLC -INVITED-
Nealy Williams, Privacy Law Attorney, Stoll Keenon Ogden PLLC -INVITED-
"My company is too small." "It won't happen to me." "I deleted the bad email." said every small business owner the day before a cybersecurity attack. Headlines reporting massive data breaches have become ubiquitous. Many data breaches, however, do not rise to the level of front page news, and many small businesses erroneously believe that it will not happen to them and/or do not understand their legal obligations to report data breaches. The failure to properly prepare for and report data breaches can cost small businesses big bucks. In this dynamic presentation we will inform you of the legal responsibilities to notify employees or customers of data breaches by walking through real-life simulations. We will review data breach notification laws, and the presenters will work with participants to determine best practices for responding to potential data breach situations at all stages, including pre-incident, the investigation, the reporting, and post-mortem.
Making Sense of Compliance
Joe Danaher, CISM, CRISC, CPHIMS, CISO, The AME Group (formerly Integrity IT) -INVITED-
2020: Data privacy legislation and compliance are becoming the norm for enterprises. Data Security Compliance may not impact you yet but it likely will and here is how: 1) State regulations many are modeled on GDPR https://www.jdsupra.com/legalnews/data-protection-laws-following-gdpr-44992/ 2) Cybersecurity insurers are increasingly requiring compliance. 3) Third-party contracts are requiring IT/Data compliance standards modeled on existing compliance standards. Let's take a look at current compliance standards and identify what they all have in common that will help you be prepared to meet compliance requirements you may already be facing or likely will be facing in the near future.
Learn How to Secure Your Business Against Cyber Threats
Scott Logan, CISSP, Chief Security Officer, NetGain Technologies LLC -INVITED-
When discussing cyber-attacks against your business, the discussion is not if, but when. Attempted cyber-attacks occur against all businesses every day — some are successful and some are not. In today’s world, proliferating devices and mobile workforces contribute to the rapid expansion of the corporate security perimeter. Learn about the simple, proactive, and cost-effective measures that every organization should implement. Are you prepared to handle security threats to your business? Join us for this informative session to protect your business and don't forget to bring your questions for the Q&A at the end of the session.
Stories from CyberShield, Lessons Learned on a Simulated Cyber Battlefield
Tony Sims, Cybersecurity Specialist, Microsoft Corporation -INVITED-
CyberShield is an annual, Red Team/Blue Team training exercise where National Guard Cyber Defense Teams hone their skills against human adversaries on a virtual cyber battlefield. Some of the most important lessons learned during the exercise have nothing to do with technology nor “1337 hacks”, they are about planning and leadership. Sims has been fortunate enough to attend CyberShield four times, three as a “Network Owner” (simulated corporation leadership) and once as a Red Team member. In this session, he will share key lessons learned from those exercises that can help make your cyber defense operation more successful.
Anatomy of an Attack (Red vs. Blue)
Corey Shell, CISSP, Senior Cybersecurity Consultant, Dean Dorton Allen Ford PLLC -INVITED-
John Askew, CISSP, Principal, Graywolf Security -INVITED-
During last year's Kentucky Chamber Cyber Security Conference, we demonstrated how a cyber attack can be launched against an organization and what impact it can have in terms of reputational and financial risks. This year, we will provide live demonstrations from the perspective of the Red Team (Attacker) and the Blue Team (Defender) with an emphasis on Endpoint Detection & Response (EDR) Platform capabilities and how EDR can allow your organization to detect and respond to real-world cyber attacks. In this demonstration, Askew will act as the Red Team (Attacker), while Corey Shell will act as the Blue Team (Defender). We will also discuss how to mitigate the risks associated with these attacks and how organizations can be better prepared to face cyber threats.
Security Operations Center-as-a-Service and Tales from the Trenches: Cybersecurity War Stories
John Davies, Senior Presales Systems Engineer, Arctic Wolf Networks -INVITED-
In today’s business environment, it’s imperative for organizations of all sizes to have a dynamic online presence. However, with always being connected, there comes real risk to your business. Ransomware attacks, like Petya and WannaCry, have demonstrated how businesses can be brought to a halt by locking access to business-critical data. So, how do you protect yourself? What should you be looking for? In this presentation, Davies will teach you about the importance of managed detection and response for your cybersecurity posture. As well, you will get to hear some of the most interesting attacks that AWN security engineers have successfully hunted down. When it comes to security, you must take a proactive approach in assessing the risks and vulnerabilities.
Is the New Systems Organization Control (SOC) for Cyber Right for Your Organization?
Kelley Miller, CISA, CISM, Principal, MCM CPAs & Advisors -INVITED-
Kourtney Nett, CPA, Partner, Risk Advisory Services Team Leader, MCM CPAs & Advisors -INVITED-
In 2017, the AICPA introduced a new report to its SOC suite, the SOC for Cybersecurity. The purpose of the SOC for Cyber is to report on an entity’s cybersecurity risk management program and controls. In this session we will provide an overview of this new report and will provide insights to consider whether this may be the best report for achieving your organization’s objectives.
PSV and RPA Key Elements of Your Cyber Profile
Richard Taylor, CISA, Principal, MCM Technology Solutions -INVITED-
Jim Kramer, Partner, IT Consulting Team Leader, MCM CPAs & Advisors -INVITED-
Penetration, Social Engineering and Vulnerability (PSV) testing are key elements in increasing a company’s cyber resilience. These preventative, detective and responsive controls along with Robotic Process Automation (RPA) can provide ongoing/ reoccurring test and reporting of infrastructure and training weaknesses.
Cyber Security – A Layered Strategy
Steve Platnick, Vice President, MITS, Coker Group -INVITED-
Within a constantly evolving landscape of security requirements, eminent threats, and zero-day attacks the ability to identify and defend against threats, from without or within, in real-time, is a necessity to protect patient identifiable information and ensure regulatory compliance. Simple endpoint anti-virus solutions can't protect critical IT assets and information against the wide range of exploits in use today. Developing a multi-tiered defense policy is the best way to defend against malicious actors of all kinds.
14 Cybersecurity Awareness Tips from The Muppets
Joe Danaher, CISM, CRISC, CPHIMS, CISO, The AME Group (formerly Integrity IT) -INVITED-
Fourteen end user tips on cybersecurity will be presented by Muppet-like puppets to demonstrate the "Gamification of Cybersecurity Awareness Training". Phishing, password management, open source intelligence, third-party risk and the importance of awareness training will be featured.
Every (Cyber) Breath You Take
Dana Howard, CIPPP/US, Privacy Law Attorney, Stoll Keenon Ogden PLLC -INVITED-
Jessica Middendorf, Privacy Law Attorney, Stoll Keenon Ogden PLLC -INVITED-
Nealy Williams, Privacy Law Attorney, Stoll Keenon Ogden PLLC -INVITED-
It's 8p.m., do you know where your data is? No. Your electric company may know where you are. The mobile app you downloaded once to get a discount from your favorite store may know your geographic location. An artificial intelligence company you know nothing about may have pictures of your children. In this session we will inform you about the types of personal information and data being collected, distributed, and/or sold by various third parties. Some of this information may have been collected with or without authorization, unknowingly or unwittingly. We will provide various tips and recommendations for protecting personal information and data on the internet, including specialized mobile apps that make consumers aware of the types of apps being collected. We will also give you information regarding your legal rights to know what data is being collected and control the usage of that data.