Third Party Risk Management: Building a Relationship to Last

  Presented by Alan Epley • Senior Security & Compliance Analyst; Buildertrend

This session introduces the basic concepts of a Third Party Management program by framing the third-party relationship in terms of human relationships. The session will take you through three phases:

  • Courtship – Getting to know each other and familiarization
  • Long-term commitment – Signing contracts and planning growth together
  • Blissful success or Separation anxiety – Not all relationships can be the best

At the end of the session, you will have a better understanding of what to expect from your third parties as well as what your third parties expect out of you. This knowledge will assist in developing an overall Third Party Management program that fits your company’s needs and strategic efforts.

How to Keep Social Engineers from Choo-Choo-ing Through Your Defenses

  Presented by Karla Carter • Associate Professor; College of Science & Technology, Bellevue University

Social engineering will be a cybersecurity threat as long as we have people (as opposed to Skynet) making decisions. The human, as opposed to the machine, is the preferred platform for the social engineer to conduct their nefarious plans to derail your business. Come learn how to spot the signal flags of the social engineer, train yourself how to not get railroaded into a breach and put the brakes on confusion and delay.

Karla Carter is an associate professor in the College of Science and Technology at Bellevue University, in Bellevue, NE. Drawing on more years than she should be admitting of information technology experience, she teaches cybersecurity, information technology ethics, and general information technology and history/civics courses. In addition to being Vice Chair for the Nebraska Chapter of the IEEE Computer Society, Chair of ACM SIGCAS, and a member of the ACM Committee on Professional Ethics (COPE), she is curious, intense, and irreverent, and cannot resist puns.

ComPriSec: The Combining of Compliance, Privacy and Security Is the New Normal

  Moderated by INTERFACE Advisory Council

Many compliance, privacy and security professionals are struggling to find their role in the ecosystem. They wear many hats, often in conflict with each other. This is compounded by executives trying to find the right staffing level for these roles without fully understanding what they do. As compliance and privacy get more visibility, organizations are facing new challenges. This panel will discuss the complications companies face defining the separation of duties between compliance, privacy and security. What is the difference between them, and why? When security will not do it, compliance becomes the catch-all; is that appropriate? This panel of security, compliance and privacy experts will give you guidance to address these issues for companies of all sizes, along with other common issues that compliance, privacy and security professionals are now facing.

Moderator:

  • Ron Woerner • Information Security Professor, Bellevue University

Panelists:

  • Lisa McKee • CEO, Securikee Dr
  • Rob LaMagna-Reiter • CISO, First National Technology Solutions
  • Warren Fish • Principal Consultant

Administering Responsibly

  Presented by Quest Software

Managing elevated and shared access credentials is one of the biggest challenges facing complex heterogeneous organizations today. Administrators must be able to access the systems they manage with sufficient rights to do their jobs, but organizations must control that access to ensure security and regulatory compliance. The days of administrators sharing accounts and passwords and operating without auditing are gone (or they should be).

Large enterprises face unique challenges. They too must control the use of elevated privileges, but they need to find ways to enhance authentication for these accounts to meet mandates while still enabling administrators to administer. Even with multifactor authentication to “check out” a privileged account or session, we still need to take steps to mitigate potential account compromises – making sure the admin that authenticated today is still who they say they are. We’ve come to the point where we need to continuously analyze administration by watching normal behavior and comparing it to current behavior – with real-time in-line remediation to add a powerful layer of risk mitigation.

Cloudy with a Chance of Breach

  Presented by Check Point Software

As organizations implement their cloud adoption strategy, there are several factors that will either ensure success or lead to undesirable outcomes. This session explores the opportunities and pitfalls of moving to the cloud by examining the threats and responsibilities that a cloud presence incurs. Through examination of the actual threat surface, and cautionary tales from the real world, we will understand the factors that we need to consider when building a cloud adoption strategy.

7 Simple Steps to Cut Your Security Risk

  Presented by Matt Morton • Board Member, NEbraskaCERT

Ever wonder why we rarely reach our security goals? In this presentation we will go over and identify the key steps to get operationally secure so that:

  • Risk is reduced
  • Security of your assets is improved
  • Cost is optimized
  • Value is measured
  • Results are communicated

This workshop not only outlines these steps but identifies key resources that are either free or low cost that can assist you in getting to your security program goals.

Easiest Catch: Don’t Be Another Fish in the Dark ‘Net

  Presented by Mark Lanterman • Chief Technology Officer for Computer Forensic Systems

You’ve read the headlines. Unfortunately, the question now is not if your information is going to be accessed or stolen, but when. To inform the attendees of current developments in the digital underground as well as provide realistic advice for cyber protection, Mark Lanterman will be discussing recent high-profile cybercrime events, including website breaches impacting courts, law firms, and government agencies. Mark will discuss particularly dangerous types of threats that might affect individuals involving the Dark Web, the Internet of Things, phishing, and Wi-Fi attacks; additionally, Mark will demonstrate the value of leveraging digital evidence and ESI in the courtroom.

Be Agile or Be Slow! Agile Transformation Experience

  Presented by Riaz Yusuff • CIO, Office of HR, University of Minnesota

The IT team in the Office of HR at the University of Minnesota has transformed from waterfall to Agile scrum methodology. While the transition went smoother than expected, it also brought some good lessons to light.

This presentation will cover the background and motivation behind the transition into Agile, key lessons learned, metrics on the outcome and best practice suggestions.

Information Technology and Cybersecurity Certifications Road Map

  Presented by Bob Weiss • CEO, WyzCo Group, Inc.

Are certifications worth it? Do they help with professional advancement and employment opportunities? This presentation looks at some of the popular certification tracks, including those with a cybersecurity focus. The presenter will discuss the best ways to prepare for a certification exam, and how to keep certification in force using continuing education credits.

How an Information Security Controls Assurance Program Adds Value to an Organization

  Presented by Steve Means • Director IT, Information Security GRC

Today’s organizations face heightened state, federal and international regulatory expectations. Increasingly, internal and external stakeholders are requiring greater assurance that IT controls are designed and operating effectively to meet regulatory demands and reduce their risk. This session will share one Information Security team’s journey to establish and enhance their controls assurance program to increase value to the organization.