Uniting Business. Advancing Kentucky.

Day 1: Thursday, January 24, 2019

8 a.m. | Registration and continental breakfast with sponsors

8:30 a.m. | Welcome and Legislative Update
Kate Shanks, Vice President of Policy Development, Kentucky Chamber of Commerce

8:40 a.m. | From the “Things I Didn’t Know I Need to Know” Department
Mary Fullington, Partner, Wyatt Tarrant & Combs, LLP

  • Cybersecurity – It’s not just for big companies anymore
  • The NIST Small Business Cybersecurity Law
  • Does the GDPR apply to your U.S.-based company?
  • The What, Why, and How of the U.S. Privacy Shield

9:25 a.m. | Why Privacy? Why Now? What Now?
Greg Anderson, Data Protection Officer, Lexmark International, Inc.
Privacy, it seems, is suddenly front-page news with the details of yet another breach or loss of personal data surfacing nearly every day. While uniform privacy laws have been surfacing or evolving around the world for some time, a new federal privacy law seems to be on the horizon. For those new to the concept of a privacy program (as opposed to a security program), it is daunting to understand these looming requirements and to know what steps to take. In this presentation, we will do a shallow dive into the world of privacy laws, understand the common themes and talk about practical steps businesses can take to create or reinforce their privacy program.

10:30 a.m. | Social Engineering: Think Like an Attacker to Avoid Being a Victim
Joe Danaher, CISM, CRISC, CPHIMS, CISO, Integrity IT
Social Engineering in Information Security involves the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Learning how attackers think and act will help everyone realize just how important it is to understand the threats that social media can pose to your company's data and IT security. I will discuss and demonstrate how an attacker identifies a victim through the use of social media techniques. OSINT, or Open Source Intelligence, will be utilized to demonstrate the information gathering that can easily be done on a spear phishing target. I will discuss tips and demonstrate methods to help prevent personal information disclosure that may, unknowingly, put your business at risk.

11:15 a.m. | Anatomy of an Attack
John Askew, Principal, Graywolf Security
Gui Cozzi, Cybersecurity Practice Lead, Dean Dorton Allen Ford, PLLC
Corey Shell, Senior Cybersecurity Consultant, Dean Dorton Allen Ford, PLLC

We will demonstrate how a successful cyber attack can be launched against an organization and what impact it can have in terms of reputational and financial risks. There will be some real-world examples of these concepts, so be prepared for exciting live demos! We will also discuss how to mitigate the risks associated with these attacks and how organizations can be better prepared to face cyber threats.

12 p.m. | Lunch with sponsors

1 p.m. | Protect, Detect and Respond in Office 365
Tony Sims, Cybersecurity Threat Specialist, Microsoft Corporation
This session is based on lessons learned from real attacks within Office 365 and will provide prescriptive guidance on how to protect, detect and respond by leveraging the built-in tools within Office 365, Azure Active Directory, Windows and Azure. We will provide demonstrations using the tools in a simulated tenant attack.

2 p.m. | SOC Reports: TSC 2017 and the Increased Focus on Cybersecurity
Kelley Miller, CISA, CISM, IT Assurance Principal, MCM CPA’s & Advisors LLP
Kourtney Nett, CPA, MBA, Partner, Risk Advisor Services Leader, MCM CPA’s & Advisors LLP

High-profile cybersecurity attacks on major corporations have resulted in an increased focus on cybersecurity by directors, customers, vendors, business partners and regulators. The Association of International Accounting Professionals continues to emphasize cybersecurity risks and provides attestation examination engagements, including System and Organization Controls (SOC) reports, as a mechanism to increase users’ confidence that the service providers are protecting their data. We will give background on how the new TSC 2017 criteria were developed and guidance in gaining a competitive advantage by providing additional confidence to stakeholders through issuance of a SOC attestation report.

3 p.m. | Case Study: Roadmap to Security Compliance
Phil Miller, President, vCIO, Integrity IT
Brant Poore, President and CEO, Information Capture Solutions
Breaches caused by third party relationships are a significant risk to your company. Clients and potential clients are asking for proof of your security measures to protect their data. We will walk through one company’s efficiency and success in preparing and achieving HIPAA and SOC2 compliance.

3:45 p.m. | These Forgotten IT Policies are Undermining Cybersecurity
Kevin Cornwell, CPA, CISA, CITP, Associate Director of Technology Consulting, Dean Dorton Allen Ford, PLLC
Because of the lack of four policies, all other policies related to cybersecurity and availability are going to have huge gaps in them. We will discuss the IT policies most organizations do not have in place and how they supplement and are critical to shaping the policies we normally expect to have.

4:30 p.m. | Day one adjourns

Day 2: Friday, January 25, 2019

8 a.m. | Registration and continental breakfast with sponsors

8:30 a.m. | Welcome and Overview
Mary Fullington, Partner, Wyatt Tarrant & Combs LLP

8:40 a.m. | Digital Security: The Bad Guys are Always On; Shouldn’t You Be Too?
Glen Combs, Partner, Crowe LLP
Mike Brancato, Digital Security Architect, Crowe LLP

Malicious attackers never turn off the lights. Once they are in your environment, it's likely that you won't know it for many months – and then only when something bad happens. Learn how to proactively identify real threats and minimize the impact before it minimizes your business.

9:25 a.m. | Are You Covered? The Ins and Outs of Cyber Risk and Liability Insurance
Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP
Joe Davis, Attorney, cyRM, Director of Cyber Liability, Houchens Insurance Group

Insurance coverage for cyber risk and liability is still considered an immature market, and policy forms vary widely. We will discuss the types of cyber risks and data incidents for which insurers are offering coverage. You will learn about key policy terms, common exclusions, endorsements and riders that should be reviewed closely to determine what incidents may fall inside and outside the policy's coverage. In addition, we will address key considerations to include in your risk assessment evaluation of whether to buy insurance coverage, and what type and how much coverage your company should have.

10:30 a.m. | What’s New in State Privacy Laws in 2018
Mary Fullington, Partner, Wyatt Tarrant & Combs, LLP
In this presentation, we will alert you to meaningful changes in state privacy laws across the country in 2018, including significant developments in California and New York, which are applicable to companies outside of those states, and in Ohio, which is now providing a safe harbor from liability for companies complying with NIST standards.

11:15 a.m. | A Healthy Cybersecurity Plan
Dan Collins, CISSP, Principal, Graywolf
Being healthy requires a lot of hard work. You need to see a doctor regularly, exercise, eat nutritious foods and abstain from things that are bad for you. Coincidentally, cybersecurity is very similar. We will discuss healthy cybersecurity habits, ranging from testing to remediation to maintenance. We'll look at some instances of folks that should have taken better care of themselves, and we'll also discuss how to get started if you're totally out of shape but want to shed some vulnerabilities.

12 p.m. | Lunch with sponsors

1 p.m. | Isn’t it Ironic, Don’t You Think?
Mike Gilliam, Cybersecurity Manager
Isn’t it ironic, don’t you think? Security industry spending is expected to exceed 114 billion dollars in 2019, but does more spending on security controls necessarily equate to better security? Through the lens of situational irony, we will discuss some anecdotal examples from a storied career of security controls gone horribly awry and how security controls themselves, if not properly managed, can backfire.

1:45 p.m. | I’ve Been Breached! Now What?
Phil Miller, President, Integrity IT
Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP
Joe Davis, Attorney, cyRM, Director of Cyber Liability, Houchens Insurance Group
Moderator: Jason Miller, Director of Business Consulting Services, Dean Dorton Allen Ford, PLLC

In this session, you’ll learn from incident, technical, legal and compliance experts what to do once a breach has occurred. How you respond can determine the gravity of the breach, the impact on customers and the impact on your bottom line!

2:30 p.m. | Ask the Experts
Phil Miller, President, Integrity IT
Gui Cozzi, Cybersecurity Practice Lead, Dean Dorton Allen Ford, PLLC
Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP
Joe Davis, Attorney, cyRM, Director of Cyber Liability, Houchens Insurance Group
Moderator: Mary Fullington, Partner, Wyatt Tarrant & Combs, LLP

Come prepared to ask any cybersecurity-related questions you might have from the conference or in general.

3 p.m. | 5th Annual Cyber Security Conference adjourns