Our second chapter meeting of 2017 will be held April 18th, 1:00-4:00pm, at the Ewald Conference Center in St Paul. Come out and join us for our informative presentations and great networking with your coworkers, colleagues and friends!
- Social networking: 1pm – 1:30pm
- President and Board opening statements: 1:30pm – 1:50pm
- Presentation: 1:50pm – 2:40pm
- Break: 2:40pm – 2:50pm
- Presentation: 2:50pm – 3:40pm
- Drawings and closing remarks: 3:40pm – 4pm
- Happy Hour
Don’t Let Third Parties Bring Down Your Business: Effective Vendor Management
Outsourcing is now commonplace. When you entrust vendors, and other types of third parties, with accessing and handling your business’s data, you are placing control of the security and privacy measures protecting that data into their hands. That trust cannot be blind. Many security incidents and privacy breaches have resulted from poor, or non-existent, security practices within outsourced organizations handling another company’s data. When appropriately managed and with proper security controls in place, such third-party arrangements can benefit organizations. Every business needs to understand and manage the risks that come with such outsourced entities.
Vendor / third party information security and privacy management is a huge, and growing, concern. Multiple regulatory agencies, such as the FDIC, NCUA, and the OCR, have identified it as a key factor in upcoming examinations and audits. Growing numbers of security, privacy and breach notice laws are being put into place. This turns up the heat on organizations to understand how information is secured when in the hands of third-party service providers, and to have insights into their security and privacy practices and events. This session will cover the key points of what organizations should know about the risks involved with entrusting business processing, operations and data handling to third parties and actions to take to mitigate those risks.
Rebecca will cover:
- High-level overview of legal requirements for ensuring sound vendor security and privacy practices
- The risks involved with outsourcing including real-life examples
- How to mitigate those risks
- How to demonstrate to regulators that you are in compliance when someone else possesses your data
Rebecca Herold, CIPM, CIPT, CIPP/US, CISSP, CISM, CISA, FLMI
Rebecca is founder and CEO of The Privacy Professor®, a consulting business founded in 2004. Rebecca is a co-founder and President of SIMBUS, LLC, an information security, privacy and compliance services business. Rebecca has been an Adjunct Professor for the Norwich University Master of Science in Information Security & Assurance (MSISA) program since 2005.
Rebecca is widely recognized and respected and has been providing information privacy, security and compliance services, tools and products to organizations in a wide range of industries for over two decades. Rebecca has authored 18 published books, most recently “The ISACA Privacy Principles & Program Management Guide Volume 1” and “The ISACA Privacy Principles & Program Management Guide Volume 2” for the Information Systems Audit and Control Association (ISACA), scheduled to be published by January 2017. Three more books are scheduled for 2017.
Rebecca was one of the first practitioners to be responsible for both information security and privacy, starting in 1994 in a multi-national insurance and financial organization that was establishing one of the first online banks. In June 2009, Rebecca was asked to lead the NIST SGIP Smart Grid Privacy Subgroup, where she also led the Privacy Impact Assessment (PIA) for the home-to-utility activity, the very first performed in the electric utilities industry. In 2015 Rebecca was also asked to work for NIST on their Privacy Engineering initiative. Rebecca was also asked to be an officer for the IEEE COMSOC Par 1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group in 2015. Rebecca currently serves on multiple advisory boards for security, privacy and high-tech organizations. Rebecca has written hundreds of published articles and is frequently interviewed and quoted in diverse broadcasts and publications such as IAPP Privacy Advisor, BNA Privacy & Security Law Report, Wired, Popular Science, Computerworld, IEEE’s Security and Privacy Journal, and many others. Rebecca has been appearing 1-2 times monthly on the central Iowa area morning program, CW Iowa Live, to discuss and raise public awareness of current information security and privacy issues.
In addition to achieving FIP, CISSP, CISM, CISA, CIPP/US, CIPM, CIPT and FLMI certifications, Rebecca has received numerous awards and recognitions for her privacy and information security work over the years.
5 Ways to Improve Your Cyber Risk Communications
As CISOs are increasingly being asked to provide regular cyber risk updates to the C-Suite and the boardroom, they must make the most of the precious minutes of attention given to them. This session covers best practices derived from over a dozen articles written for CISOs, boards, and the C-Suite about cybersecurity.
Attendees will learn why boards are asking cyber-related questions, the types of questions directors are likely to ask, and the topics that will make their eyes glaze over. We’ll cover the perspective from the C-Suite, including how the dynamics in the C-Suite can foster — or hinder — crucial conversations about cyber risks. We’ll highlight how strategic alliances with other CXOs can strengthen the CISO’s arguments on how to best manage cyber risks. Finally, we’ll cover areas of professional growth for CISOs as they look forward to taking full advantage of a red-hot job market, and learn how CISOs can position themselves to play a strategic role in their organization.
Key learning points:
- What cybersecurity questions are boards asking CISOs?
- How do C-Suite dynamics impact the organization’s cybersecurity?
- What are the areas of professional growth for CISOs (and aspiring CISOs)?
Chris, aka Dr.InfoSec, is passionate about helping organizations take stock of their cyber risks and manage those risks across the intricate landscape of technology, business, and people. Whether performing information security risk assessments, working alongside CIOs & CISOs to set and communicate strategic cybersecurity priorities, or advising board members on effective governance of cyber risks, Chris enjoys working with business leaders to improve their organization’s cyber risk posture.
Both faculty and practitioner, Chris maintains the DrInfoSec.com blog, tweets as @DrInfoSec, and writes articles about cyber risks for IBM’s SecurityIntelligence blog. Connect with Chris on LinkedIn. In January 2017, Chris co-authored a book, “Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives” with Paul Ferrillo, a NYC-based data-breach lawyer, available for FREE in PDF format from http://books.drinfosec.com
Are non-members and guests welcome at meetings and events?
Yes, we welcome individuals at large from the security community to join us for any of our events. We simply ask that, after experiencing personally the value of our community at two events, individuals consider joining ISSA for the additional benefits that membership provides.
Why do we have to register to attend meetings and events?
Registering for meetings and events helps the board plan event logistics. It also means that, when you check in at the event, you have self-service documentation you can print out to support your CPE credits if you are audited.