Day 1: Tuesday, February 27, 2018

8 a.m.
Registration and continental breakfast with sponsors

8:30 a.m.
Welcome and Opening Remarks

Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP

8:40 a.m.
Welcome and Legislative Update

Kate Shanks, Director, Public Affairs, Kentucky Chamber of Commerce

8:50 a.m.
Are We Sacrificing Our Privacy Rights in the Name of National Security?

Col. Edwin A. Tivol (Ret.), Founder, CyPhySecurity, LLC
LaJuana S. Wilcher, Partner, English, Lucas, Priest & Owsley, LLP  

What types of privacy are protected under United States law? Have those rights been affected in the aftermath of 9/11? Those questions have become increasingly relevant as National Security agencies seek to protect the United States from terrorists, threats and crimes. This presentation will review U.S. privacy protections; examine the evolution of the National Security complex and surveillance technology; evaluate where surveillance, privacy and National Security collide; describe trends in cyber security threats; and address U.S. efforts to protect both the privacy and security of its people.

10 a.m.
Social Engineering Today – Combatting the Electronic Con Artist

Kelley Miller, CISA, CISM, Principal, MCM CPAs & Advisors
Rick Taylor, CISA, Principal, MCM CPAs & Advisors

Social engineering techniques have been around since the beginning of time, and they aren’t going away anytime soon. Due to advancements in technology, a mix of both technical and non-technical social engineering attacks is becoming an increasingly large threat to people, organizations and sensitive data because attackers are more informed and backed by the availability of easy-to-use and comprehensive technical tools that have not been seen before. While an organization’s people are often its greatest asset, they can also pose the greatest risk due to insufficient training, experience and awareness. This session will discuss the history of social engineering, the most common methods utilized in today’s business environment and mitigation techniques an organization can deploy.

11 a.m.
Is Your Business Exposed to Ransomware or Other Network Intrusions? Do You Really Know Your Risk?

Joe Danaher, CPHIT, CISM, Chief Information Security Officer, Integrity IT

Performing a Security Risk Assessment (SRA) and Analysis is vital to understanding your assets, threats, vulnerabilities and risks. An SRA is also required by some industries, like HIPAA covered entities. It is easy to assume you are well protected and are doing the right thing – and you might be – but how do you know? The reality is, companies performing risk assessments always find room for improvement and sometimes find unknown intruders. We will walk you through a sample SRA and discuss each component in the process. We will address best practices for when and how to perform this risk analysis. The bottom line is: you cannot mitigate unknown risks.

12 p.m.
Lunch with sponsors

12:45 p.m.
Cyber Threats: How Your Everyday Activities Place Your Data at Risk

Justin L. Root, Of Counsel, Dickinson Wright

Your digital assistant wouldn’t give away your company’s secrets, would she? Can the most recently posted picture of your cat give hackers a way to target your intellectual property? Do you really know if your online accounts have been compromised? Take a firsthand experiential tour through common threat vectors that can expose you to cybercrime or civil liability. In this session, we will explore the anatomy of cybercrime, review technical and non-technical threats to the security of your data and learn a few tips for minimizing the inherent risks along the way.

1:45 p.m.
Cyber Risk Insurance: Coverages, Trends and Misconceptions

Joe Davis, Esquire, cyRM, Director of Cyber Liability, Van Meter Insurance
Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP

A bad actor uses an RDP brute-force attack to install ransomware on your network, causing a business shutdown, financial loss and reputational harm. An attacker uses your email server to send socially engineered phishing emails that trick employees into providing log-in credentials, allowing access to confidential information that is sold on the dark web. Your cloud service provider is hacked after a firewall port is left open, and trade secrets and personal information of customers are exposed. An attacker overwhelms your website server with traffic, takes your website down for ransom and prevents customers from placing orders, doing you financial harm. Do you have cyber insurance to cover losses from these types of attacks? During this session, you will learn what cyber risk coverage options there are, how to select the right coverage for your business, how to identify provisions in policies that may bar coverage and how best to reduce your premium costs.

3 p.m.
The People Problem

Dan Collins, CISSP, Senior Risk Consultant, Crowe Horwath LLP

The end user is historically viewed as the weakest part of a security program. Numerous studies attribute a great portion of security incidents to human error. Security awareness training often falls by the wayside because organizations see no benefit when ‘it only takes one’ for an attack to be successful. Yet, are we tapping the full potential of our employees? Perhaps the real weakness is an overlooked and underestimated resource. In this talk, we will explore the stigma attached to the end user, a possible paradigm shift in security awareness, and how people actually have the potential to be the greatest asset to a security program.

4 p.m.
Could Vendors or Third-Party Access to Your Network Be Placing You at Risk?

Mary Fullington, Partner, Wyatt, Tarrant & Combs LLP

The 2017 Ponemon Institute Data Breach Study reported that vendor and third-party access to company networks greatly increases the cost of a data breach. Most data breach laws hold the data owner responsible for a vendor’s security breach. Vendor negligence, inadequate security safeguards and controls, and a less-than-secure connection to your network can all expose confidential business or personal information. The Target breach involved an HVAC vendor connected to Target’s IT network. This presentation will address due diligence pointers and written assurances to obtain when a third party will have a connection to your network to perform services.

4:30 p.m.
Your Company’s Notification Obligations After a Ransomware, DDoS Attack or Other IT Security Incident

Margaret Young Levi, Counsel, Wyatt Tarrant & Combs LLP
Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP

This brief session will provide an overview of triggers that may require your company to comply with state and federal data breach notification laws. Get insight into key differences between the notification laws, such as the type of data exposures to which the laws apply and the standard that determines whether you have a “data breach” that requires notification. These triggers will drive your company’s legal obligation to notify individuals whose personal information is in your network when you have an unauthorized computer intrusion.

5 p.m.
Day one adjourns

Day 2: Wednesday, February 28, 2018

8 a.m.
Registration and continental breakfast with sponsors

8:30 a.m.
Welcome and Overview

Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP

8:45 a.m.
Current Issues in Professional and Personal Security: A Primer for Preparedness, Response and Best Practices

Rebecca Bates Manno, Member, Steptoe & Johnson PLLC
Susan Pauley, Of Counsel, Steptoe & Johnson PLLC

Cybersecurity risks are no longer isolated events and pose a constant threat to all of us, both professionally and personally. In this presentation, we will focus on key issues related to breach preparedness and breach response. You will learn, in general, the ways in which breaches typically occur and the consequences of a breach. We will cover tips on breach avoidance and preparedness and what should be done if you experience a breach, including breach notification requirements. We will also cover the types of legal actions (both regulatory and lawsuits) that may arise from a breach.

10 a.m.
Outside the Box: How the Internet of Things Poses New Cybersecurity Risks and Challenges the Law

Jill McIntyre, Member, Jackson Kelly PLLC

This presentation will focus on the cyber risks and legal ramifications of the “Internet of Things.” We will provide attendees with useful and interesting information about how the increasingly common connection between the internet and everyday items such as TVs, refrigerators, home security systems and numerous other “things,” gives rise to dangerous new cybersecurity risks and how the law is struggling to adapt to those risks. This presentation consists of two parts. In part one, we will familiarize the attendees with the Internet of Things, its attendant risks and what businesses and individuals can do to minimize their exposure. In part two, we will discuss how the IoT is disrupting the law, and what the technology industry, courts, and state and federal agencies are doing to adapt.

11 a.m.
Understanding Cyber Breaches and Mitigation Options

Kevin Cornwell, CPA, CISA, CITP, Associate Director of Technology Consulting, Dean Dorton Allen Ford, PLLC
Jason Miller, Director, Business Consulting, Dean Dorton Allen Ford, PLLC

Cyber incidents have become a big topic in today's business world. However, many businesses still do not spend enough time and resources understanding how a cyber breach can impact their business and, more importantly, how they can minimize and mitigate their cyber risks. As evidenced by news headlines, a cyber risk strategy relying only on prevention is not enough. We will also examine cyber-breach response and recovery concerns. Join us for an interactive session that will explore how a breach can impact your business and how to go about reducing your risk. Hear from business advisers who also understand technology.

12 p.m.
Lunch with sponsors

12:45 p.m.
Framework for Incident/Breach Response Plans

Dennis Kennedy, Partner, Dressman Benzinger LaVelle PSC

This session will review the regulatory framework establishing incident/breach response plans. We will compare various guidelines by industry on the elements of an incident response plan. Finally, we will review breach response requirements under the FTC Health Breach Rule, Payment Card Industry and HIPAA.

2 p.m.
Network Security Audit: Taking an Expert View into Your Cyber Risk and Resiliency

Kevin Latta, Vice President of Network and Security, Computer Services, Inc.
Steve Sanders, CISA, CRMA, CRIS, Vice President of Internal Audit, Computer Services, Inc.

Your network is only as secure as its most vulnerable entry point – and that can be either digital or human. With network security playing such an important role in your daily operations, you cannot afford any missteps or oversights, lest you incur a data breach, financial penalty or reputational damage (or all three). Cybersecurity is an evolving, multi-faceted issue, so you have to be constantly engaged in risk prevention and mitigation. This interactive discussion, led by a network security practitioner and an internal audit expert, will give you two helpful perspectives on the ways in which you should approach cybersecurity risk and resiliency in today’s fast-moving network environments.

3 p.m.
Security Controls and Validating Effectiveness

Bob Salmans, CISA, CEH, Senior Engineer, Integrity IT

Firewalls, passwords, and anti-virus are not enough to battle today’s threats. We will discuss these critical controls plus how 24/7 third-party monitoring, early detection (SIEM, IPS) and employee awareness training all play a role as key security controls to protect your business.

3:55 p.m.
Closing Remarks

Kathie McDonald-McClure, Partner, Wyatt Tarrant & Combs LLP

4th Annual Cyber Security Conference adjourns