2019 FALL GRITSS (Governance, Risk and IT Security Summit)
2019 September GRITTS Training Session
When: September 4-5, 2019 - 8:00 AM - 4:00 PM
ISACA-RTC Members - One Day $75, two day $125 (Log in to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Othe ISACA Chapters) - One Day $100, two day $175
All Others: One day $125, two day $225
Early registration discount is $7.50/day.
CPEs: Up to 16
Handouts: Will Be Uploaded When available
Wednesday Sept 4th – Regulation Day
8:15 – 9:30 – Rob Valdez – Keynote speaker
9:30 – 9:45 – Break
9:45 – 11:30 – Joseph Kirkpatrick – Managing Risk in Healthcare through HIPAA and HITRUST
Part One: Why is Healthcare Prone to Breaches?
OCR “Wall of Shame”
Part Two: Risk Management Best Practices
- Why should you care about a risk management?
- Planning, using, and conducting a risk analysis
Part Three: Lessons Learned from Information Security Frameworks and Standards
- What is HIPAA – Sets a national standard for the protection of consumers’ PHI and
- ePHI by mandating risk management best practices and physical, administrative, and technical safeguards
- What is the HITRUST CSF – A certifiable security framework that incorporates and leverages existing security requirements, including requirements of federal, state, third party, and other government agencies
Part Four: Risk Management Best Practices Continued
- Case studies
- Reducing risks through strong controls
- Cloud environment risk
11:30 – 1:00 – Lunch
1:00 – 2:30 – Patrick Lynch – Veronis – GDPR, CCPA, SC Law (see below)
Going into effect January 1st, 2020, the California Consumer Privacy Act promises to make a big splash among state data privacy laws nationwide. In the wake of major data breaches from Equifax to Yahoo, the CCPA is the farthest-reaching effort yet by any state to tighten data security standards and obligations for data processors, and the first in the US to be modelled on the European Union’s General Data Protection Regulation (GDPR). The CCPA won’t just affect California businesses, though: anyone who processes data from citizens of the Golden state will need to demonstrate that they can keep consumer data safe. During this talk, we’ll dive into the CCPA and its precedents like GDPR, focusing on the risks and obligations associated with unstructured data, and what steps an organization should take to protect data from the inside out.
2:30 – 2:45 – Break
2:45 – 4:00 –Dr. Michael Owens, BISO at Equifax
Thursday Sept 5th – Cybersecurity Day
8:15 – 9:15 – Ian Sterrett – Duke University Health System
9:15 – 9:30 – Break
9:30 – 11:30 – Kimberly Baily – Identity and Access Management 101
This session/workshop/seminar introduces the core Identity and Access Management (IAM) technologies and illustrates how they address security challenges and enhance the user experience. Topics include lifecycle management access management, single sign-on, and multi-factor authentication systems and processes.
11:30 – 1:00 – Lunch
1:00 – 2:30 – Dr. Katina Blue (bio on file) need abstract
2:30 – 2:45 – Break
2:45 – 4:00 – Rob Valdez – Key Note Closing.
Kimberly A Bailey, Senior Security Program Manager, Clorox
Kimberly A. Bailey is Senior Security Program Manager at The Clorox Company in Durham, NC. She currently drives delivery of the corporate cybersecurity strategic plan, which implements new technology that mitigate risks for the company’s Global IT applications and infrastructure. Kimberly has more than 20 years of experience translating corporate business needs into comprehensive strategies, road maps, and implementation plans. She has numerous accomplishments in full lifecycle architecture design, development, testing, and launch of new and next generation products, platforms, and solutions for IT.
Patrick Lynch has spent the past ten years been helping businesses deal with ever-increasing amounts of data – from digital transformation to business process to data protection. As a Solution Architect with Varonis, Patrick educates and advises customers on how to address security and compliance challenges around unstructured data.
Ian Sterrett, IT Audit Manager, Duke University Health System
Ian Sterrett is the Health System IT Audit Manager for Duke University Health System (DUHS). He is responsible for leading audits that focus on governance, security and other high-risk areas throughout the health system. Ian has over 12 years of experience providing IT audit and advisory services as both an internal and external auditor. Prior to joining Duke, Ian was Senior Manager of IT Internal Audit at Luxottica, where he was responsible for managing IT audit projects that covered topics such as mobile device management, disaster recovery, and PCI compliance. His other previous employers include KPMG and Ernst & Young, where he focused on SOX and SOC engagements.
Ian holds a Bachelor of Business Administration in Information Systems from The College of William and Mary. He is a Certified Information Systems Auditor (CISA) and a certified Project Management Professional (PMP). He has previously presented conference sessions and webinars for the Association of Healthcare Internal Auditors (AHIA) and the Association of College and University Auditors (ACUA).
Dr. Michael Owens, BIS Equifax
Dr. Michael Owens is the Interim Vice President of Information Security and Business Information Security Officer for U.S. Information Solutions with Equifax. He serves as part of the Global Security Leadership team and the USIS Senior Leadership Team responsible for leading security consulting teams in support of business drivers; and providing guidance and support to reduce insecure business practices, review and decision policy exceptions, tool and technology implementations, vulnerabilities, and maintain oversight of overall security program and initiatives.
Before joining Equifax, Michael worked for Ernst & Young, Cisco Systems, Fidelity Investments and has provided security consultation services with his own firm for Delta Air Lines, Cox Communications and The Coca-Cola Company. Michael is a US Marine Corps veteran, trained in military communications and network systems as well as counter-terrorism that is well recognized in the security industry. He was most recently selected as one of the 16 international security professionals featured to speak at the Global Cybersecurity Summit in Kiev, Ukraine.
Michael, has extensive experience in strategic consulting, cybersecurity, cyberwafare, technology and cyber policy creation and legislation. He the founder of the U.S. Global Center for Cyber Policy and serves on various board and committees including being appointed to the State Advisory Board of the U.S. Global Leadership Coalition. In 2018, Dr. Owens received his Certificate of Leader Development in National Security and Strategy as part of the United States Army War College’s 64th National Security Program where he focused on the role of cybersecurity in protecting private sector, military and government networks. Michael’s academic background includes a BS - Computer & Electronic Technology from NC A&T State University. A masters’ degree from the Business School at Georgia Institute of Technology and a Doctorate of Business Administration from CalUniversity. Michael was also selected into and attended the first ever Emerging Leaders Program class at Harvard University’s, Kennedy School of Government. His post doctorate studies include work in International Security and Government at Harvard University.
As Founder and President of KirkpatrickPrice, Joseph Kirkpatrick has spent over a decade developing the firm’s trailblazing initiatives in information security audit delivery and ethical hacking. Under his leadership, KirkpatrickPrice has delivered thousands of audit reports and information security engagements to clients of all sizes worldwide. Joseph enjoys educating, empowering, and inspiring clients by navigating them through the complex maze of compliance and regulatory requirements. Joseph is a CPA with over 25 years of experience in information technology. He holds CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance. Look out for Joseph at industry conferences and learn from his expertise in our webinars, videos, and blog!